Re: [Freeipa-devel] [PATCH 0140-0142] Use NSS for name->resolution in IPA installer & relax some DNS checks

2016-06-29 Thread Petr Spacek
On 29.6.2016 14:22, Martin Basti wrote:
> 
> 
> On 28.06.2016 19:40, Petr Spacek wrote:
>> Hello,
>>
>> DNS: Remove unnecessary DNS check from installer
>>
>> Previously we were checking the content of DNS before actually adding DNS
>> records for replicas. This is causing a cycle in logic and adds weird
>> corner cases to the installer which can blow up on DNS timeout or so.
>>
>> The check was completely unnecessary because the installer knows the IP
>> addresses and name of the machine. Removal of the check makes
>> the installer more reliable.
>>
>> https://fedorahosted.org/freeipa/ticket/5962
>>
>> Use NSS for name->resolution in IPA installer
>>
>> This fixes scenarios where the IPA server is not able to resolve its own name
>> and the option --ip-address was not specified by the user.
>>
>> This partially reverts changes from commit
>> dc405005f537cf278fd6ddfe6b87060bd13d9a67
>>
>> https://fedorahosted.org/freeipa/ticket/5962
>>
>> client-install: do not fail if DNS times out during DNS update generation
>>
>> https://fedorahosted.org/freeipa/ticket/5962
>>
> ACK
> 
> master:
> * 1802f7a2258c793d11c7a9c2a4786cea42b9b058 client-install: do not fail if DNS
> times out during DNS update generation
> * 7be50ea7150b36adf9051fc1003dd36f61d68451 Use NSS for name->resolution in IPA
> installer
> * 954f6095fd2783e631cba042f86bec87394f9224 DNS: Remove unnecessary DNS check
> from installer
> 
> Patches for ipa-4-3 need rebase

Here is the rebase.

-- 
Petr^2 Spacek
From 92585dd70adaf490a1d6a2ebed14697c6f763d3a Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Tue, 28 Jun 2016 18:13:58 +0200
Subject: [PATCH] client-install: do not fail if DNS times out during DNS
 update generation

https://fedorahosted.org/freeipa/ticket/5962
---
 client/ipa-client-install | 4 
 1 file changed, 4 insertions(+)

diff --git a/client/ipa-client-install b/client/ipa-client-install
index 8ba6f9c1ba441d6a73dcd6c2598ed5463d6a9e3b..b900eca4ed9e3dce3641e176d6d1651535dabcdc 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -1764,6 +1764,10 @@ def client_dns(server, hostname, options):
 root_logger.warning("Hostname (%s) does not have A/ record.",
 hostname)
 dns_ok = False
+except errors.DNSResolverError as ex:
+root_logger.warning("DNS resolution for hostname %s failed: %s",
+hostname, ex)
+dns_ok = False
 
 if (options.dns_updates or options.all_ip_addresses or options.ip_addresses
 or not dns_ok):
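Review bot: In the new `except errors.DNSResolverError` branch, setting `dns_ok = False` makes a failed lookup indistinguishable from the no-record warning branch above it, and both then satisfy `or not dns_ok` in the condition that follows. A lookup whose result is simply unknown therefore takes the same path as a host that has no records. If that is intended, a short comment in the branch saying so would help; otherwise track the failure in a separate flag so the code behind the condition can tell "unknown" from "missing".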
-- 
2.7.4

From b4d24d7241fa929d0cb49af4c59978420074222e Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Tue, 28 Jun 2016 13:53:58 +0200
Subject: [PATCH] Use NSS for name->resolution in IPA installer

This fixes scenarios where the IPA server is not able to resolve its own name
and the option --ip-address was not specified by the user.

This partially reverts changes from commit
dc405005f537cf278fd6ddfe6b87060bd13d9a67

https://fedorahosted.org/freeipa/ticket/5962
---
 ipapython/dnsutil.py  |  2 +-
 ipaserver/install/bindinstance.py |  4 +---
 ipaserver/install/installutils.py | 43 +--
 3 files changed, 43 insertions(+), 6 deletions(-)

diff --git a/ipapython/dnsutil.py b/ipapython/dnsutil.py
index 6aa0e0772d2a3339a18e06c33419083a58e237e4..aca506120ac4c64f3e7af960e0430ae5a3e16d35 100644
--- a/ipapython/dnsutil.py
+++ b/ipapython/dnsutil.py
@@ -321,7 +321,7 @@ def resolve_rrsets(fqdn, rdtypes):
 
 
 def resolve_ip_addresses(fqdn):
-"""Get IP addresses from DNS A/ records for given host.
+"""Get IP addresses from DNS A/ records for given host (using DNS).
 :returns:
 list of IP addresses as CheckedIPAddress objects
 """
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 3e6e26ccdd7bbfb25a19f210307d6597be901a37..efabab167fdaa30cd1483b097c7939f9fcbe4cea 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -910,9 +910,7 @@ class BindInstance(service.Service):
 if fqdn == self.fqdn:
 continue
 
-addrs = dnsutil.resolve_ip_addresses(fqdn)
-# hack, will go away with locations
-addrs = [str(addr) for addr in addrs]
+addrs = installutils.resolve_ip_addresses_nss(fqdn)
 
 root_logger.debug("Adding DNS records for master %s" % fqdn)
 self.__add_master_records(fqdn, addrs)
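Review bot: The replaced lookup sits after `if fqdn == self.fqdn: continue`, so it only ever runs for other masters, while the commit message motivates NSS by the server failing to resolve its own name. With `installutils.resolve_ip_addresses_nss(fqdn)`, whatever the local NSS configuration returns for a remote master (a hosts-file entry, for instance) is handed to `self.__add_master_records(fqdn, addrs)`. Please state in the commit message or a comment why NSS is the right source for remote masters as well, and consider including `addrs` in the `root_logger.debug("Adding DNS records for master %s" % fqdn)` line so an unexpected address is visible in the install log.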
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index baa0d3d69987584afd6bf7186a236c4b21fbd748..49336a864791aed74ef4736b43900d7977e49a0c 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -447,6 +447,46 @@ def create_keytab(path, principal):
 
 kadmin("ktadd -k " + path + " " + principal)
 
+def resolve_ip_addresses_nss(fqdn):
+"""Get list of IP addresses for given host (using NSS/getaddrinfo).
+

Re: [Freeipa-devel] [PATCH 0140-0142] Use NSS for name->resolution in IPA installer & relax some DNS checks

2016-06-29 Thread Martin Basti



On 28.06.2016 19:40, Petr Spacek wrote:

> Hello,
>
> DNS: Remove unnecessary DNS check from installer
>
> Previously we were checking the content of DNS before actually adding DNS
> records for replicas. This is causing a cycle in logic and adds weird
> corner cases to the installer which can blow up on DNS timeout or so.
>
> The check was completely unnecessary because the installer knows the IP
> addresses and name of the machine. Removal of the check makes
> the installer more reliable.
>
> https://fedorahosted.org/freeipa/ticket/5962
>
> Use NSS for name->resolution in IPA installer
>
> This fixes scenarios where the IPA server is not able to resolve its own name
> and the option --ip-address was not specified by the user.
>
> This partially reverts changes from commit
> dc405005f537cf278fd6ddfe6b87060bd13d9a67
>
> https://fedorahosted.org/freeipa/ticket/5962
>
> client-install: do not fail if DNS times out during DNS update generation
>
> https://fedorahosted.org/freeipa/ticket/5962


ACK

master:
* 1802f7a2258c793d11c7a9c2a4786cea42b9b058 client-install: do not fail 
if DNS times out during DNS update generation
* 7be50ea7150b36adf9051fc1003dd36f61d68451 Use NSS for name->resolution 
in IPA installer
* 954f6095fd2783e631cba042f86bec87394f9224 DNS: Remove unnecessary DNS 
check from installer


Patches for ipa-4-3 need rebase

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


[Freeipa-devel] [PATCH 0140-0142] Use NSS for name->resolution in IPA installer & relax some DNS checks

2016-06-28 Thread Petr Spacek
Hello,

DNS: Remove unnecessary DNS check from installer

Previously we were checking the content of DNS before actually adding DNS
records for replicas. This is causing a cycle in logic and adds weird
corner cases to the installer which can blow up on DNS timeout or so.

The check was completely unnecessary because the installer knows the IP
addresses and name of the machine. Removal of the check makes
the installer more reliable.

https://fedorahosted.org/freeipa/ticket/5962

Use NSS for name->resolution in IPA installer

This fixes scenarios where the IPA server is not able to resolve its own name
and the option --ip-address was not specified by the user.

This partially reverts changes from commit
dc405005f537cf278fd6ddfe6b87060bd13d9a67

https://fedorahosted.org/freeipa/ticket/5962

client-install: do not fail if DNS times out during DNS update generation

https://fedorahosted.org/freeipa/ticket/5962

-- 
Petr^2 Spacek
From 83751ef09f7502292344e877392f20b74c458a1b Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Tue, 28 Jun 2016 18:13:58 +0200
Subject: [PATCH] client-install: do not fail if DNS times out during DNS
 update generation

https://fedorahosted.org/freeipa/ticket/5962
---
 client/ipa-client-install | 4 
 1 file changed, 4 insertions(+)

diff --git a/client/ipa-client-install b/client/ipa-client-install
index 2da2720d1f959b452a4895ebb23e0efadae2a7fc..1cdaf7b3e25e40301ad9e3bbd13559f69cb04745 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -1769,6 +1769,10 @@ def client_dns(server, hostname, options):
 root_logger.warning("Hostname (%s) does not have A/ record.",
 hostname)
 dns_ok = False
+except errors.DNSResolverError as ex:
+root_logger.warning("DNS resolution for hostname %s failed: %s",
+hostname, ex)
+dns_ok = False
 
 if (options.dns_updates or options.all_ip_addresses or options.ip_addresses
 or not dns_ok):
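Review bot: The subject line speaks of DNS timeouts, but the added `except errors.DNSResolverError as ex:` handles every resolver error the same way, and the commit message has no body beyond the ticket link. Please say in the message, or in a comment above the handler, which failures are expected here. The warning text could also tell the admin what the installer does next, since it currently only reports that resolution failed.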
-- 
2.7.4

From 93bd9850ba04df2bfc15c2d2442bff9d2aa2e65c Mon Sep 17 00:00:00 2001
From: Petr Spacek 
Date: Tue, 28 Jun 2016 13:53:58 +0200
Subject: [PATCH] Use NSS for name->resolution in IPA installer

This fixes scenarios where the IPA server is not able to resolve its own name
and the option --ip-address was not specified by the user.

This partially reverts changes from commit
dc405005f537cf278fd6ddfe6b87060bd13d9a67

https://fedorahosted.org/freeipa/ticket/5962
---
 ipapython/dnsutil.py  |  2 +-
 ipaserver/install/bindinstance.py |  4 +---
 ipaserver/install/installutils.py | 43 +--
 3 files changed, 43 insertions(+), 6 deletions(-)

diff --git a/ipapython/dnsutil.py b/ipapython/dnsutil.py
index 6aa0e0772d2a3339a18e06c33419083a58e237e4..aca506120ac4c64f3e7af960e0430ae5a3e16d35 100644
--- a/ipapython/dnsutil.py
+++ b/ipapython/dnsutil.py
@@ -321,7 +321,7 @@ def resolve_rrsets(fqdn, rdtypes):
 
 
 def resolve_ip_addresses(fqdn):
-"""Get IP addresses from DNS A/ records for given host.
+"""Get IP addresses from DNS A/ records for given host (using DNS).
 :returns:
 list of IP addresses as CheckedIPAddress objects
 """
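Review bot: The first line of the `resolve_ip_addresses` docstring now mentions DNS twice ("from DNS ... (using DNS)"), which does not tell a caller why the distinction matters. Since this patch adds `resolve_ip_addresses_nss` in installutils.py, a sentence that points to it and says when each variant should be used would document the difference better than the parenthesis.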
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 2bc753883fdf1eee01e6b77967df9a1a98a76897..6b266edaa7716dd23196152cc40db442a45c92a5 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -870,9 +870,7 @@ class BindInstance(service.Service):
 if fqdn == self.fqdn:
 continue
 
-addrs = dnsutil.resolve_ip_addresses(fqdn)
-# hack, will go away with locations
-addrs = [str(addr) for addr in addrs]
+addrs = installutils.resolve_ip_addresses_nss(fqdn)
 
 root_logger.debug("Adding DNS records for master %s" % fqdn)
 self.__add_master_records(fqdn, addrs)
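Review bot: The removed line `addrs = [str(addr) for addr in addrs]` converted the results to strings before `self.__add_master_records(fqdn, addrs)`, and the replacement drops that conversion even though the docstring of `resolve_ip_addresses_nss` in this patch still promises CheckedIPAddress objects. Please confirm that `__add_master_records` accepts those objects, or keep the `str()` conversion at this call site.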
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index b1ad19c857d10213c21a88313c45b23a1189d470..a15571f92242c4628d067de1b05424eaa15b20af 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -445,6 +445,46 @@ def create_keytab(path, principal):
 
 kadmin("ktadd -k " + path + " " + principal)
 
+def resolve_ip_addresses_nss(fqdn):
+"""Get list of IP addresses for given host (using NSS/getaddrinfo).
+:returns:
+list of IP addresses as CheckedIPAddress objects
+"""
+# make sure the name is fully qualified
+# so search path from resolv.conf does not apply
+fqdn = str(dnsutil.DNSName(fqdn).make_absolute())
+try:
+addrinfos = socket.getaddrinfo(fqdn, None,
+   socket.AF_UNSPEC, socket.SOCK_STREAM)
+except socket.error as ex:
+if ex.errno == socket.EAI_NODATA or ex.errno == socket.EAI_NONAME:
+root_logger.debug('Name %s does not have any address: %s',
+
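Review bot: In `resolve_ip_addresses_nss`, `except socket.error as ex:` is wider than the check needs, because the `socket.EAI_NODATA` and `socket.EAI_NONAME` codes compared against `ex.errno` are only meaningful for the `socket.gaierror` that `getaddrinfo` raises. Catching `socket.gaierror` directly keeps unrelated socket errors from being compared against EAI_* values. The `make_absolute()` step and its comment about the resolv.conf search path are a good guard; repeating that guarantee in the docstring would help callers who rely on it.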